Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-40409

Summary
Assigner-apple
Assigner Org ID-286789f9-fbc2-4510-9f9a-43facdede74c
Published At-26 Sep, 2023 | 20:14
Updated At-04 Nov, 2025 | 19:18
Rejected At-
Credits

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:apple
Assigner Org ID:286789f9-fbc2-4510-9f9a-43facdede74c
Published At:26 Sep, 2023 | 20:14
Updated At:04 Nov, 2025 | 19:18
Rejected At:
▼CVE Numbering Authority (CNA)

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges.

Affected Products
Vendor
Apple Inc.Apple
Product
iOS and iPadOS
Versions
Affected
  • From unspecified before 17 (custom)
Vendor
Apple Inc.Apple
Product
macOS
Versions
Affected
  • From unspecified before 12.7 (custom)
Vendor
Apple Inc.Apple
Product
macOS
Versions
Affected
  • From unspecified before 13.6 (custom)
Vendor
Apple Inc.Apple
Product
tvOS
Versions
Affected
  • From unspecified before 17 (custom)
Vendor
Apple Inc.Apple
Product
watchOS
Versions
Affected
  • From unspecified before 10 (custom)
Problem Types
TypeCWE IDDescription
N/AN/AAn app may be able to execute arbitrary code with kernel privileges
Type: N/A
CWE ID: N/A
Description: An app may be able to execute arbitrary code with kernel privileges
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.apple.com/en-us/HT213938
N/A
https://support.apple.com/en-us/HT213932
N/A
https://support.apple.com/en-us/HT213931
N/A
https://support.apple.com/en-us/HT213936
N/A
https://support.apple.com/en-us/HT213937
N/A
http://seclists.org/fulldisclosure/2023/Oct/5
N/A
http://seclists.org/fulldisclosure/2023/Oct/10
N/A
http://seclists.org/fulldisclosure/2023/Oct/6
N/A
http://seclists.org/fulldisclosure/2023/Oct/8
N/A
http://seclists.org/fulldisclosure/2023/Oct/9
N/A
Hyperlink: https://support.apple.com/en-us/HT213938
Resource: N/A
Hyperlink: https://support.apple.com/en-us/HT213932
Resource: N/A
Hyperlink: https://support.apple.com/en-us/HT213931
Resource: N/A
Hyperlink: https://support.apple.com/en-us/HT213936
Resource: N/A
Hyperlink: https://support.apple.com/en-us/HT213937
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2023/Oct/5
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2023/Oct/10
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2023/Oct/6
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2023/Oct/8
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2023/Oct/9
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.apple.com/en-us/HT213938
x_transferred
https://support.apple.com/en-us/HT213932
x_transferred
https://support.apple.com/en-us/HT213931
x_transferred
https://support.apple.com/en-us/HT213936
x_transferred
https://support.apple.com/en-us/HT213937
x_transferred
http://seclists.org/fulldisclosure/2023/Oct/5
x_transferred
http://seclists.org/fulldisclosure/2023/Oct/10
x_transferred
http://seclists.org/fulldisclosure/2023/Oct/6
x_transferred
http://seclists.org/fulldisclosure/2023/Oct/8
x_transferred
http://seclists.org/fulldisclosure/2023/Oct/9
x_transferred
https://support.apple.com/kb/HT213932
N/A
https://support.apple.com/kb/HT213931
N/A
https://support.apple.com/kb/HT213938
N/A
https://support.apple.com/kb/HT213937
N/A
https://support.apple.com/kb/HT213936
N/A
Hyperlink: https://support.apple.com/en-us/HT213938
Resource:
x_transferred
Hyperlink: https://support.apple.com/en-us/HT213932
Resource:
x_transferred
Hyperlink: https://support.apple.com/en-us/HT213931
Resource:
x_transferred
Hyperlink: https://support.apple.com/en-us/HT213936
Resource:
x_transferred
Hyperlink: https://support.apple.com/en-us/HT213937
Resource:
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2023/Oct/5
Resource:
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2023/Oct/10
Resource:
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2023/Oct/6
Resource:
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2023/Oct/8
Resource:
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2023/Oct/9
Resource:
x_transferred
Hyperlink: https://support.apple.com/kb/HT213932
Resource: N/A
Hyperlink: https://support.apple.com/kb/HT213931
Resource: N/A
Hyperlink: https://support.apple.com/kb/HT213938
Resource: N/A
Hyperlink: https://support.apple.com/kb/HT213937
Resource: N/A
Hyperlink: https://support.apple.com/kb/HT213936
Resource: N/A
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-noinfoCWE-noinfo Not enough information
Type: CWE
CWE ID: CWE-noinfo
Description: CWE-noinfo Not enough information
Metrics
VersionBase scoreBase severityVector
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:product-security@apple.com
Published At:27 Sep, 2023 | 15:19
Updated At:04 Nov, 2025 | 20:16

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Secondary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CPE Matches
Apple Inc.
apple
>>ipados>>Versions before 17.0(exclusive)
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>iphone_os>>Versions before 17.0(exclusive)
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>macos>>Versions from 12.0.0(inclusive) to 12.7(exclusive)
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>macos>>Versions from 13.0(inclusive) to 13.6(exclusive)
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>tvos>>Versions before 17.0(exclusive)
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>watchos>>Versions before 10.0(exclusive)
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://seclists.org/fulldisclosure/2023/Oct/10product-security@apple.com
N/A
http://seclists.org/fulldisclosure/2023/Oct/5product-security@apple.com
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2023/Oct/6product-security@apple.com
N/A
http://seclists.org/fulldisclosure/2023/Oct/8product-security@apple.com
N/A
http://seclists.org/fulldisclosure/2023/Oct/9product-security@apple.com
N/A
https://support.apple.com/en-us/HT213931product-security@apple.com
Release Notes
Vendor Advisory
https://support.apple.com/en-us/HT213932product-security@apple.com
Release Notes
Vendor Advisory
https://support.apple.com/en-us/HT213936product-security@apple.com
Release Notes
Vendor Advisory
https://support.apple.com/en-us/HT213937product-security@apple.com
Release Notes
Vendor Advisory
https://support.apple.com/en-us/HT213938product-security@apple.com
Release Notes
Vendor Advisory
http://seclists.org/fulldisclosure/2023/Oct/10af854a3a-2127-422b-91ae-364da2661108
N/A
http://seclists.org/fulldisclosure/2023/Oct/5af854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2023/Oct/6af854a3a-2127-422b-91ae-364da2661108
N/A
http://seclists.org/fulldisclosure/2023/Oct/8af854a3a-2127-422b-91ae-364da2661108
N/A
http://seclists.org/fulldisclosure/2023/Oct/9af854a3a-2127-422b-91ae-364da2661108
N/A
https://support.apple.com/en-us/HT213931af854a3a-2127-422b-91ae-364da2661108
Release Notes
Vendor Advisory
https://support.apple.com/en-us/HT213932af854a3a-2127-422b-91ae-364da2661108
Release Notes
Vendor Advisory
https://support.apple.com/en-us/HT213936af854a3a-2127-422b-91ae-364da2661108
Release Notes
Vendor Advisory
https://support.apple.com/en-us/HT213937af854a3a-2127-422b-91ae-364da2661108
Release Notes
Vendor Advisory
https://support.apple.com/en-us/HT213938af854a3a-2127-422b-91ae-364da2661108
Release Notes
Vendor Advisory
https://support.apple.com/kb/HT213931af854a3a-2127-422b-91ae-364da2661108
N/A
https://support.apple.com/kb/HT213932af854a3a-2127-422b-91ae-364da2661108
N/A
https://support.apple.com/kb/HT213936af854a3a-2127-422b-91ae-364da2661108
N/A
https://support.apple.com/kb/HT213937af854a3a-2127-422b-91ae-364da2661108
N/A
https://support.apple.com/kb/HT213938af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://seclists.org/fulldisclosure/2023/Oct/10
Source: product-security@apple.com
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2023/Oct/5
Source: product-security@apple.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://seclists.org/fulldisclosure/2023/Oct/6
Source: product-security@apple.com
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2023/Oct/8
Source: product-security@apple.com
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2023/Oct/9
Source: product-security@apple.com
Resource: N/A
Hyperlink: https://support.apple.com/en-us/HT213931
Source: product-security@apple.com
Resource:
Release Notes
Vendor Advisory
Hyperlink: https://support.apple.com/en-us/HT213932
Source: product-security@apple.com
Resource:
Release Notes
Vendor Advisory
Hyperlink: https://support.apple.com/en-us/HT213936
Source: product-security@apple.com
Resource:
Release Notes
Vendor Advisory
Hyperlink: https://support.apple.com/en-us/HT213937
Source: product-security@apple.com
Resource:
Release Notes
Vendor Advisory
Hyperlink: https://support.apple.com/en-us/HT213938
Source: product-security@apple.com
Resource:
Release Notes
Vendor Advisory
Hyperlink: http://seclists.org/fulldisclosure/2023/Oct/10
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2023/Oct/5
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://seclists.org/fulldisclosure/2023/Oct/6
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2023/Oct/8
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2023/Oct/9
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://support.apple.com/en-us/HT213931
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Release Notes
Vendor Advisory
Hyperlink: https://support.apple.com/en-us/HT213932
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Release Notes
Vendor Advisory
Hyperlink: https://support.apple.com/en-us/HT213936
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Release Notes
Vendor Advisory
Hyperlink: https://support.apple.com/en-us/HT213937
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Release Notes
Vendor Advisory
Hyperlink: https://support.apple.com/en-us/HT213938
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Release Notes
Vendor Advisory
Hyperlink: https://support.apple.com/kb/HT213931
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://support.apple.com/kb/HT213932
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://support.apple.com/kb/HT213936
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://support.apple.com/kb/HT213937
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://support.apple.com/kb/HT213938
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

1535Records found
CVE-2022-34224
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-5.78% / 90.31%
||
7 Day CHG~0.00%
Published-11 Sep, 2023 | 13:22
Updated-03 Aug, 2024 | 08:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Acrobat Reader DC AcroForm setItems Use-After-Free Remote Code Execution Vulnerability

Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-416
Use After Free
CVE-2022-34260
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.09% / 25.27%
||
7 Day CHG~0.00%
Published-11 Aug, 2022 | 14:46
Updated-23 Apr, 2025 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Illustrator Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Adobe Illustrator versions 26.3.1 (and earlier) and 25.4.6 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-windowsmacosillustratorIllustrator
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-8694
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.30% / 52.74%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 17:33
Updated-04 Aug, 2024 | 21:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6. An application may be able to execute arbitrary code with kernel privileges.

Action-Not Available
Vendor-Apple Inc.
Product-mac_os_xmacOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-32378
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.13% / 32.99%
||
7 Day CHG~0.00%
Published-10 Jan, 2024 | 22:03
Updated-17 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4. An app may be able to execute arbitrary code with kernel privileges.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-416
Use After Free
CVE-2019-8785
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.46% / 63.47%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 17:33
Updated-04 Aug, 2024 | 21:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1, tvOS 13.2, watchOS 6.1. An application may be able to execute arbitrary code with system privileges.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchostvosipadosmac_os_xtvOSmacOSwatchOSiOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-8776
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.33% / 55.09%
||
7 Day CHG~0.00%
Published-27 Oct, 2020 | 19:48
Updated-04 Aug, 2024 | 21:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15. An application may be able to execute arbitrary code with system privileges.

Action-Not Available
Vendor-Apple Inc.
Product-mac_os_xmacOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-8706
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.48% / 64.90%
||
7 Day CHG~0.00%
Published-27 Oct, 2020 | 19:43
Updated-04 Aug, 2024 | 21:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15, iOS 13.1 and iPadOS 13.1, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6. Processing a maliciously crafted audio file may lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipad_oswatchostvosmac_os_xtvOSmacOSwatchOSiOS and iPadOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-8715
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.26% / 48.78%
||
7 Day CHG~0.00%
Published-27 Oct, 2020 | 19:42
Updated-04 Aug, 2024 | 21:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15, iOS 13. An application may be able to execute arbitrary code with system privileges.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osmac_os_xmacOSiOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-34220
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-1.34% / 79.78%
||
7 Day CHG~0.00%
Published-15 Jul, 2022 | 15:33
Updated-17 Sep, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Acrobat Reader DC Font Parsing Use-After-Free Remote Code Execution Vulnerability

Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-416
Use After Free
CVE-2022-34228
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.42% / 61.28%
||
7 Day CHG~0.00%
Published-15 Jul, 2022 | 15:36
Updated-23 Apr, 2025 | 18:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Acrobat Reader DC Font Parsing Uninitialized Variable Remote Code Execution Vulnerability

Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-824
Access of Uninitialized Pointer
CVE-2025-30330
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.04% / 13.14%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 17:48
Updated-15 May, 2025 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Illustrator | Heap-based Buffer Overflow (CWE-122)

Illustrator versions 29.3, 28.7.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.Apple Inc.
Product-illustratormacoswindowsIllustrator
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-8801
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.16% / 37.10%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 17:33
Updated-04 Aug, 2024 | 21:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A dynamic library loading issue existed in iTunes setup. This was addressed with improved path searching. This issue is fixed in macOS Catalina 10.15.1, iTunes for Windows 12.10.2. Running the iTunes installer in an untrusted directory may result in arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-itunesmac_os_xiTunes for WindowsmacOS
CWE ID-CWE-426
Untrusted Search Path
CVE-2019-8602
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-4.10% / 88.37%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 17:33
Updated-04 Aug, 2024 | 21:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. A malicious application may be able to elevate privileges.

Action-Not Available
Vendor-Apple Inc.
Product-itunesiphone_oswatchostvossafarimac_os_xicloudiTunes for WindowswatchOSiCloud for WindowsmacOSiOStvOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-30324
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.04% / 13.14%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 17:29
Updated-22 May, 2025 | 18:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Photoshop Desktop | Integer Underflow (Wrap or Wraparound) (CWE-191)

Photoshop Desktop versions 26.5, 25.12.2 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.Apple Inc.
Product-windowsphotoshopmacosPhotoshop Desktop
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2022-34245
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.09% / 26.26%
||
7 Day CHG-0.10%
Published-15 Jul, 2022 | 15:48
Updated-23 Apr, 2025 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe InDesign Font Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-windowsindesignmacosInDesign
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-8577
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.72% / 72.20%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 17:33
Updated-04 Aug, 2024 | 21:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An input validation issue was addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. An application may be able to gain elevated privileges.

Action-Not Available
Vendor-Apple Inc.
Product-itunesiphone_oswatchostvossafarimac_os_xicloudiTunes for WindowswatchOSiCloud for WindowsmacOSiOStvOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-8709
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.50% / 65.53%
||
7 Day CHG~0.00%
Published-27 Oct, 2020 | 19:42
Updated-04 Aug, 2024 | 21:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iOS 13. An application may be able to execute arbitrary code with kernel privileges.

Action-Not Available
Vendor-Apple Inc.
Product-mac_os_xiphone_oswatchostvostvOSmacOSwatchOSiOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-8781
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-15.91% / 94.61%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 17:33
Updated-04 Aug, 2024 | 21:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15. An application may be able to execute arbitrary code with kernel privileges.

Action-Not Available
Vendor-Apple Inc.
Product-mac_os_xmacOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-32383
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.16% / 36.65%
||
7 Day CHG~0.00%
Published-10 Jan, 2024 | 22:03
Updated-20 Jun, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed by forcing hardened runtime on the affected binaries at the system level. This issue is fixed in macOS Monterey 12.6.6, macOS Big Sur 11.7.7, macOS Ventura 13.4. An app may be able to inject code into sensitive binaries bundled with Xcode.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2022-34222
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.23% / 45.20%
||
7 Day CHG~0.00%
Published-15 Jul, 2022 | 15:34
Updated-23 Apr, 2025 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Acrobat Reader DC query Out-Of-Bounds Read Remote Code Execution Vulnerability

Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-44277
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.7||HIGH
EPSS-0.03% / 10.14%
||
7 Day CHG~0.00%
Published-28 Oct, 2024 | 21:08
Updated-03 Nov, 2025 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in iOS 18.1 and iPadOS 18.1, visionOS 2.1, tvOS 18.1. An app may be able to cause unexpected system termination or corrupt kernel memory.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosvisionosiphone_ostvostvOSvisionOSiOS and iPadOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-32837
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.07% / 20.87%
||
7 Day CHG~0.00%
Published-24 Aug, 2022 | 19:46
Updated-29 May, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.5, tvOS 15.6, iOS 15.6 and iPadOS 15.6. An app may be able to cause unexpected system termination or write kernel memory.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osmacostvosmac_os_xipadosmacOStvOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-30317
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.03% / 9.01%
||
7 Day CHG~0.00%
Published-10 Jun, 2025 | 16:23
Updated-16 Jun, 2025 | 21:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
InDesign Desktop | Heap-based Buffer Overflow (CWE-122)

InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-indesignwindowsmacosInDesign Desktop
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-30312
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.82%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 17:29
Updated-11 Jul, 2025 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dimension | Out-of-bounds Write (CWE-787)

Dimension versions 4.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.Apple Inc.
Product-dimensionmacoswindowsDimension
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-32384
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.24%
||
7 Day CHG~0.00%
Published-23 Jun, 2023 | 00:00
Updated-05 Dec, 2024 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow was addressed with improved bounds checking. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. Processing an image may lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchostvosipadosmacoswatchOStvOSmacOSiOS and iPadOS
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-32915
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.22% / 44.98%
||
7 Day CHG~0.00%
Published-01 Nov, 2022 | 00:00
Updated-06 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A type confusion issue was addressed with improved checks. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2019-7286
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-2.13% / 83.89%
||
7 Day CHG+0.11%
Published-18 Dec, 2019 | 17:33
Updated-23 Oct, 2025 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-06-13||Apply updates per vendor instructions.

A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.4, macOS Mojave 10.14.3 Supplemental Update. An application may be able to gain elevated privileges.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osmac_os_xiOSmacOSMultiple Products
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-30310
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.04% / 13.14%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 16:53
Updated-14 May, 2025 | 14:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dreamweaver Desktop | Access of Resource Using Incompatible Type ('Type Confusion') (CWE-843)

Dreamweaver Desktop versions 21.4 and earlier are affected by an Access of Resource Using Incompatible Type ('Type Confusion') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.Apple Inc.
Product-dreamweavermacoswindowsDreamweaver Desktop
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2022-32887
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.53%
||
7 Day CHG~0.00%
Published-01 Nov, 2022 | 00:00
Updated-06 May, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in iOS 16. An app may be able to execute arbitrary code with kernel privileges.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osiOS
CVE-2022-32815
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.46% / 63.72%
||
7 Day CHG~0.00%
Published-23 Sep, 2022 | 18:59
Updated-22 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app with root privileges may be able to execute arbitrary code with kernel privileges.

Action-Not Available
Vendor-Apple Inc.
Product-mac_os_xtvosmacosiphone_osipadoswatchoswatchOStvOSmacOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-32820
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.14% / 34.67%
||
7 Day CHG~0.00%
Published-23 Sep, 2022 | 18:59
Updated-22 May, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to execute arbitrary code with kernel privileges.

Action-Not Available
Vendor-Apple Inc.
Product-mac_os_xtvosmacosiphone_osipadoswatchoswatchOStvOSmacOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-7287
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-5.35% / 89.88%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 17:33
Updated-23 Oct, 2025 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-06-13||Apply updates per vendor instructions.

A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.4. An application may be able to execute arbitrary code with kernel privileges.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osiOSiOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-32866
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.24% / 46.68%
||
7 Day CHG~0.00%
Published-01 Nov, 2022 | 00:00
Updated-06 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, watchOS 9, macOS Monterey 12.6, tvOS 16. An app may be able to execute arbitrary code with kernel privileges.

Action-Not Available
Vendor-Apple Inc.
Product-macoswatchostvosmacOSwatchOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-32401
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.08% / 24.24%
||
7 Day CHG~0.00%
Published-10 Jan, 2024 | 22:03
Updated-16 Jun, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.6.6, macOS Big Sur 11.7.7, macOS Ventura 13.4. Parsing an office document may lead to an unexpected app termination or arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-32798
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.53%
||
7 Day CHG~0.00%
Published-23 Sep, 2022 | 18:59
Updated-22 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.5. An app may be able to gain elevated privileges.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-32947
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.35% / 57.29%
||
7 Day CHG~0.00%
Published-01 Nov, 2022 | 00:00
Updated-06 May, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. An app may be able to execute arbitrary code with kernel privileges.

Action-Not Available
Vendor-Apple Inc.
Product-macosipadosiphone_oswatchosmacOSwatchOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-30449
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.10% / 26.84%
||
7 Day CHG~0.00%
Published-31 Mar, 2025 | 22:22
Updated-03 Nov, 2025 | 22:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to gain root privileges.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-281
Improper Preservation of Permissions
CVE-2022-32903
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.12% / 31.43%
||
7 Day CHG~0.00%
Published-01 Nov, 2022 | 00:00
Updated-06 May, 2025 | 04:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 16, iOS 16, watchOS 9. An app may be able to execute arbitrary code with kernel privileges.

Action-Not Available
Vendor-Apple Inc.
Product-tvosiphone_oswatchoswatchOSiOS
CWE ID-CWE-416
Use After Free
CVE-2022-32897
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-8.1||HIGH
EPSS-0.44% / 62.62%
||
7 Day CHG~0.00%
Published-10 Jun, 2024 | 19:21
Updated-03 Aug, 2024 | 07:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.5. Processing a maliciously crafted tiff file may lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOSmacos
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-32418
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.08% / 22.75%
||
7 Day CHG~0.00%
Published-27 Jul, 2023 | 00:31
Updated-23 Oct, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. Processing a file may lead to unexpected app termination or arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOSmacos
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-32381
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.67%
||
7 Day CHG~0.00%
Published-26 Jul, 2023 | 23:52
Updated-23 Oct, 2024 | 14:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.6.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchostvosipadosmacostvOSmacOSwatchOSiOS and iPadOS
CWE ID-CWE-416
Use After Free
CVE-2023-32433
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.24%
||
7 Day CHG~0.00%
Published-26 Jul, 2023 | 23:49
Updated-23 Oct, 2024 | 14:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchostvosipadosmacostvOSmacOSwatchOSiOS and iPadOS
CWE ID-CWE-416
Use After Free
CVE-2023-32434
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-69.05% / 98.59%
||
7 Day CHG+0.44%
Published-23 Jun, 2023 | 00:00
Updated-23 Oct, 2025 | 18:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-07-14||Apply updates per vendor instructions.

An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.5.2, macOS Big Sur 11.7.8, iOS 15.7.7 and iPadOS 15.7.7, macOS Monterey 12.6.7, watchOS 8.8.1, iOS 16.5.1 and iPadOS 16.5.1, macOS Ventura 13.4.1. An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osmacoswatchoswatchOSmacOSiOS and iPadOSMultiple Products
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-32366
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.08% / 23.24%
||
7 Day CHG~0.00%
Published-10 Jan, 2024 | 22:03
Updated-26 Aug, 2024 | 21:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.7.5, macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4. Processing a font file may lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osmacosipadosmacOSiOS and iPadOSmacosipados
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-27160
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.04% / 13.18%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 18:10
Updated-28 Apr, 2025 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Acrobat Reader | Use After Free (CWE-416)

Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.Apple Inc.
Product-acrobat_dcacrobat_readermacosacrobat_reader_dcwindowsacrobatAcrobat Reader
CWE ID-CWE-416
Use After Free
CVE-2025-27183
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.11% / 30.41%
||
7 Day CHG~0.00%
Published-08 Apr, 2025 | 17:30
Updated-02 May, 2025 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
After Effects | Out-of-bounds Write (CWE-787)

After Effects versions 25.1, 24.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-macoswindowsafter_effectsAfter Effects
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-27194
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.11% / 30.41%
||
7 Day CHG~0.00%
Published-08 Apr, 2025 | 17:35
Updated-05 May, 2025 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Media Encoder | Out-of-bounds Write (CWE-787)

Media Encoder versions 25.1, 24.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-media_encodermacoswindowsMedia Encoder
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-30638
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.15% / 35.37%
||
7 Day CHG~0.00%
Published-07 Sep, 2023 | 13:12
Updated-27 Feb, 2025 | 20:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Illustrator Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Adobe Inc.Microsoft Corporation
Product-windowsmacosillustratorIllustrator
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-27167
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.89%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 18:00
Updated-31 Mar, 2025 | 20:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Illustrator | Untrusted Search Path (CWE-426)

Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute their own programs, access unauthorized data files, or modify configuration in unexpected ways. If the application uses a search path to locate critical resources such as programs, then an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. The problem extends to any type of critical resource that the application trusts.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-macoswindowsillustratorIllustrator
CWE ID-CWE-426
Untrusted Search Path
CVE-2023-32396
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 5.20%
||
7 Day CHG~0.00%
Published-26 Sep, 2023 | 20:14
Updated-04 Nov, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved checks. This issue is fixed in Xcode 15, tvOS 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to gain elevated privileges.

Action-Not Available
Vendor-Apple Inc.
Product-tvoswatchosipadosmacosxcodeiphone_osiOS and iPadOStvOSwatchOSXcodemacOS
  • Previous
  • 1
  • 2
  • ...
  • 13
  • 14
  • 15
  • ...
  • 30
  • 31
  • Next
Details not found